Author Archives: Giampaolo Franco

About Giampaolo Franco

Giampaolo Franco holds a degree in Computer Science and is a Certified Information Security Manager (CISM). Dr. Franco has more than 10 years of experience in governance, risk management, and compliance at Azienda Provinciale per i Servizi Sanitari (APSS, the main healthcare provider of the Autonomous Province of Trento). He is involved in several activities at APSS, including business continuity and disaster recovery, risk analysis, privacy compliance, awareness, internal and external audits, incident management, and optimization and quality control of IT processes. Previous work experience includes project management, analysis and programming for several financial institutions. He has also been a consultant for the University of Trento, working on a project aimed at defining organizational and security aspects related to the introduction of integrated models of digital teaching in schools. Dr. Franco continues to pursue research, education and awareness activities related to information security for the Public Administration with remarkable passion and leadership. He is a member of the ISACA VENICE Chapter and the Oracle Community for Security, and a contributor to Europrivacy. In 2016 he was the winner of the European Institute of Innovation & Technology - EIT Digital pre-incubation programme with a project on Art&Technology.

External data processors: long-term partnership or do not take responsibility?

Finally, the GDPR highlights situations of disorganization. We are witnessing attempts to carry out what has not been done so far, especially from the point of view of operational concreteness. In drafting the treatment register, the problem emerges of assessing the appointments of external data processors. I have observed that some…

Transparent information: a right of the data subject, not bureaucracy

Article 12 of the GDPR, “Transparent information, communication and modalities for the exercise of the rights of the data subject”, obliges the holder to provide data subjects with all necessary information in a concise, comprehensible and easily accessible form, using simple and clear language, in particular in the case of information aimed specifically at…

Relevance and cost of the Data Protection Officer in healthcare organizations

The legislation establishes data protection as a general problem of high priority, and obliges organizations to address data protection seriously and consciously, outlining the tools and strategies to get organized coherently and do their part to counter this risky situation. The GDPR defines an approach for the creation of a system in which information security is…

The Health Technology Assessment (HTA) approach

Giving the citizen reliable health data that is secure and easy to use is not possible without an overview of all the business processes. These can be standardized and simplified if the critical issues are identified, evaluated and removed. In the conduct of information security governance, healthcare organizations can make use of the methodological approach of…

Privacy risks related to technological and organizational obsolescence in healthcare

Personal health data are the set of information useful to reveal the state of health of a person and consist of personal medical history, results of instrumental and laboratory tests, diagnostic images, medical reports and other sensitive information. The nature of this data is to be at the center of the activities of health…

The role of Data Protection Officer in a healthcare organisation

Health data are processed in a very complex technological domain, often influenced by the presence of exceptions. These exceptions to the standard management processes add cost, complexity and redundancy to the system, impairing the proper functioning of healthcare organizations. The regulatory environment also does not provide the appropriate tools to attack the critical issues…

GDPR in healthcare: critical issues and possible solutions

The General Data Protection Regulation is certainly innovative and in line with the current requirements for data security. It is structured in such a way as to ensure consistency, balance and control of the powers of the stakeholders involved. It aims to achieve, in the short and medium term, some “hard” goals. Most public and…